III. General information on data processing

1. Scope of processing personal data

We generally only process the personal data of our users when this is required for supplying a fully functional website as well as our contents and services. We always only process our users’ personal data with the user’s permission. The only exception is in such cases when obtaining prior consent is not possible due to genuine reasons and processing of the data is permitted on the grounds of statutory regulations.

2. Legal basis for processing personal data

Art. 6 sec. 1 lit. a of the EU General Data Protection Regulation – GDPR (DatenschutzGrundverordnung – DSGVO) serves as the legal basis when we obtain a concerned person’s consent for the purposes of processing personal data. 2 Art. 6 sec. 1 lit. b EU General Data Protection Regulation – GDPR serves as the legal basis for the processing of personal data when this is required to fulfil a contract and the person concerned is the contractual party. This also applies to processing, which is required to carry out pre-contractual measures. Art. 6 sec. 1 lit. c GDPR serves as the legal basis when the processing of personal data is necessary to fulfil legal obligations, which our company is subject to. Art. 6 sec. 1 lit. f GDPR serves as the legal basis for processing when the processing is required to safeguard a justified interest of our company or that of a third party and the aforementioned interest outweighs the interests, basic rights and freedoms of the person concerned.

3. Data deletion and storage period

The personal data of the person concerned is deleted or blocked as soon as the purpose of storage lapses. Storage may continue beyond that if stipulated in European or national legislation through Union legislative regulations, laws or other provisions, to which the responsible party is subject to. Data is also blocked or deleted when a storage period lapses as prescribed by the named rules, unless there is a requirement to further store the data for concluding or fulfilling a contract.

IV. Providing a website and creating log files

1. Description and scope of data processing

Each time our Internet site is called up, our system automatically collects data and information from the system of the retrieving computer.

The following data is collected:

(1)) Information of the browser type and the version used
(2) The user’s operating system
(3) The users Internet service provider
(4) The user’s IP address
(5) Date and time of access
(6) Websites from which the user’s system reaches our Internet site
(7) Websites, which the user’s system calls up from our website

The data is also stored in the log files of our systems. This data is not stored together with the user’s other personal data

The temporary storage of the IP address by the system is necessary to facilitate the website being provided to the user’s computer. The user’s IP address must be stored for this, for the duration of the session. Storage in log files safeguards the full functionality of the website. The data helps us to optimise the website and to ensure the security of our IT systems. In this context data is not used for the purposes of marketing analyses. These purposes are also subject to our justified interest in data processing as per Art. 6 sec. 1 lit. f GDPR.

4. Duration of storage

Data is deleted as soon as it is no longer required to fulfil the purpose of collection. With regards to collecting the data to provide the website, this applies when the respective session has ended. With regards to storing data in log files, this is the case after seven days at the very latest. Storage beyond that is possible. The users’ IP addresses are deleted in this case or distorted, so that the calling client can no longer be allocated.

5. Objection or deletion options

The collection of data to provide the website, and the storage of data in log-files, is strictly necessary for the operation of the Internet site. Therefore the user cannot object to this

V. Registration

1. Description and scope of data processing

We offer users the opportunity to register on our internet site by giving us personal data. The data is then entered into an input mask, which is sent to us and stored. No data will be passed on to third parties. The user name and password are collected as part of the registration process

The following data is also stored at the point of registration:

(1) The user’s IP address
(2) Date and time of registration

The user’s consent for processing this data is collected as part of this registration process

2. Legal basis for processing personal data

Art. 6 sec. 1 lit. a GDPR provides the legal basis for the processing of data once the user has given consent. Art. 6 sec. 1 lit. b GDPR/DSGVO provides an additional legal ground when the registration serves to fulfil a contract for which the user is a contractual party or when pre-contractual services are carried out.

3. The purpose of data processing

The user must register so that the following contents and services can be provided on our website

Collection and storage of personal data for processing online applications; the data is used in confidence and automatically deleted after the application process. Your data is required to check your suitability for the advertised positions and to make contact with you to inform you of the status of your application

4. Duration of storage

Data is deleted as soon as it is no longer required to fulfil the purpose of collection. This applies to data, which was collected during the registration process, when the registration is deleted or amended on our internet page.

5. Objection or deletion optionst

As a user, you have the option of deleting your registration at any time. You can amend the data stored about you at any time. Contact us by sending an email to hr@wheelslogistics.com and briefly explain your concern.

VI. Contact form and email contact

1. Description and scope of data processing

Our Internet site has a contact form, which can be used, especially by applicants, to make contact electronically. When a user applies this option, the data given on the input mask is then sent to us and stored. This data consists of:

The following data is also stored at the point of sending the message:

(1) The user’s IP address
(2) Date and time of message

Alternatively, you can make contact via the email address provided. In this case, the user’s personal data provided by email is stored. No transfers to third parties are made in this case. The data is used exclusively to process the conversation

2. Legal basis for processing personal data

Art. 6 sec. 1 lit. a GDPR provides the legal basis for the processing of data when the user has given consent.

Otherwise, Art. 6 sec. 1 lit. f GDPR provides the legal basis for the processing of the data. Art. 6 sec. 1 lit. b GDPR/DSGVO provides an additional legal ground when contact is made for the purposes of concluding a contract.

3. The purpose of data processing

The processing of personal data provided via an input mask only serves us in order to process the contact, which has been made. When contact is made by email there is also a required justifiable interest to process the data.

Other personal data processed during the sending process serve to prevent misuse of the contact form and to safeguard the security of our IT systems.

4. Duration of storage

Data is deleted as soon as they are no longer required to fulfil the purpose of collection. This applies to personal data from the input mask of the contact form and that sent by email when the respective conversation with the user has ended. The conversation has ended when the circumstances imply that the issues concerned have been finally resolved.

Additional data collected during the sending process is deleted after a period of seven days at the latest

5. Objection or deletion options

The user has the option to withdraw his consent to process his personal data at any time. If the user contacts us by email, then he can cancel the storage of his personal data at any time. 6 All personal data, which is collected in the course of making contact, is deleted in this case.

VII. Website analysis

1. Description and scope of data processing

Our website uses cookies, which allow the analysis of the user’s surfing behaviour. Cookies are text files, which are stored on the internet browser or by the internet browser on the user’s computer system. If a user calls up a website, a Cookie can be stored in the user’s operating system. This Cookie has a character sequence, which enables a definite identification of the browser when the website is called up again. The user data collected in this way is made into pseudonyms using technical means, and can therefore not be allocated to the caller/user. The data is not stored together with other personal data of users. When our website is called up, users are informed via an info-banner that Cookies will be used for analytical purposes and are notified of this data protection declaration. In this context, information is given on how the storage of Cookies can be blocked in the browser settings

2. Legal basis for processing personal data

Art. 6 sec. 1 lit. a GDPR provides the legal basis for the processing of personal data when Cookies are used for analytical purposes and the user has given consent for this, otherwise Art. 6 sec. 1 lit. f GDPR applies.

3. The purpose of data processing

We use analyses of Cookies in order to improve the quality of our website and its content. An analysis of Cookies tells us how the website is used and allows us to constantly improve our service. This also gives us a justifiable interest in processing personal data according to Art. 6 sec. 1 lit. f GDPR

4. Duration of storage, objection and deletion options

Cookies are stored on the user’s computer and transmitted from it to our site. Therefore, you have full control, as a user, over the use of Cookies. You can deactivate or restrict the transmissions of Cookies by changing the settings in your internet browser. Cookies, which have already been stored, can be deleted at any time. This can also be done automatically. If Cookies are deactivated for our website, it is possible that not all functions of the website will be able to be used in full.

5. Additional information

Our website specifically uses „Google Analytics“, a web analysis service from Google Inc. („Google“). Google Analytics uses so-called ‚Cookies‘, text files that are saved on the user’s computer and allow us to analyse use of our website. The information produced by the Cookie on the use of this website by the user is generally transmitted to a Google server in the USA where it is saved. In the event of activation of IP anonymization on this website, the user’s IP address will be shortened by Google within the member states of the European Union or in other contracted states of the treaty on the European Economic Area. Only in exceptional cases is the full IP address is transmitted to a Google server in the USA and shortened there. IP anonymization is active on this website. On behalf of the website operator, Google will use this information to evaluate use of the website by the user, to compile reports on website activities for the website operators and to perform other services connected to website and internet usage. The IP address, transmitted from your browser as part of Google Analytics, is not compiled with other data from Google. Users can prevent Cookies from being stored by setting their browser software accordingly; however, the service then points out that it may be possible that not all functions of the website can be used in full. Users can also object to the collection of data produced by the Cookie and use of the website (including their IP address) by Google and prevent Google from processing this data by downloading the available browser plugin under the following link http://tools.google.com/dlpage/gaoptout?hl=de. As an alternative to the browser-add-on or for browsers on mobile equipment, please click this link, to prevent a Google Analytics collection when on this website in future. This places an OptOut-Cookie on your device. You must click on this link again after you have deleted your Cookies.

VIII. The rights of the person concerned

You are a person concerned in the sense of GDPR when your personal data is processed and you have the following rights with regards to the responsible party:

1. The right to information

You can request a confirmation from the responsible party stating whether we process the personal data. When such processing is taking place, you can request the following information from the responsible party:

(1) The purposes for the processing of personal data;

(2) The personal data categories used for processing;

(3) The recipients and/or the categories of recipients to whom the personal data that was disclosed or will be disclosed;

(4) The planned duration of storage of the personal data or, if no concrete information can be given on this, the criteria for determining the duration of storage;

(5) The existence of a right to correct or delete the data, the right to restrict processing by the responsible party or the right to object to such processing;

(6) The existence of a right to complain to a regulatory authority;

(7) All available information about the origin of the data, when the personal data is not collected from the person concerned;

(8) The existence of automated decision-making including profiling as per Art. 22 sec. 1 and 4 GDPR and – and as a minimum in these cases – meaningful information about the logic involved as well as the impact and the intended effects of such processing for the person concerned.

You have the right to ask for information on whether the personal data is transmitted to a third country or to an international organisation. In this context of transmission, you can ask for information on the appropriate guarantees according to Art. 46 GDPR.

2. The right to correction

You have a right to ask the responsible party to correct and/or amend your personal data, provided the processed personal data is incorrect or incomplete. The responsible party must undertake the correction immediately.

3. The right to restrict processing

Under the following circumstances, you can ask for the processing of personal data to be restricted:

(1) When you question the accuracy of the personal data for a duration, which allows the responsible party to check the accuracy of the personal data

(2) When the processing is unlawful and you reject the deletion of the personal data and instead ask for the use of the personal data to be restricted;

(3) When the responsible party no longer needs the personal data for the purposes of processing, but you still need the same to assert, exercise or defend legal claims, or

(4) When you have entered an objection against processing as per Art. 21 sec. 1 GDPR and it has not as yet been ascertained whether the justified grounds of the responsible party outweigh your grounds.

When the processing of the personal data has been restricted, then this data may only be processed – apart from storing it – with your consent or to assert, exercise or defend a legal claim or to protect the rights of another individual or legal person or for reasons of important public interest to the Union or a member state. If the restriction of processing has been imposed due to the above conditions, the responsible party will inform you before this restriction is lifted.

4. The right to deletion

a) the duty to delete

You can ask the responsible party to delete the personal data concerned immediately and the responsible party is obliged to delete this data immediately, provided one of the following reasons apply:

(1) The personal data is no longer required for the purposes it was collected for or used otherwise

(2) You revoke your consent, upon which processing as per Art. 6 sec. 1 lit. a or Art. 9 sec. 2 lit. a GDPR was based, and there is no other legal basis for processing. .

(3) You lodge an objection as per Art. 21 sec. 1 GDPR against processing and there are no overriding justified reasons for processing, or you lodge an objection as per Art. 21 sec. 2 GDPR against processing.

(4) The personal data was processed unlawfully.

(5) The deletion of personal data is required to fulfil a legal obligation according to Union law or the law of member states that the responsible party is subject to.

(6) The personal data was collected with regards to services offered by the information company as per Art. 8 sec. 1 GDPR.

b) information to third parties

When the responsible party has published the personal data and is obligated as per Art. 17 sec. 1 GDPR to delete it, it shall then take appropriate measures, including technical support – whilst taking into consideration the available technology and costs of implementation – to inform parties responsible for processing this data that you, as the person concerned, have asked that all links to this personal data or copies or replications of this personal data are deleted.

c) Exceptions

The right to deletion does not apply when processing is required:

(1) For exercising the right to freedom of opinion and information;

(2) To fulfil a legal duty, which the responsible party is obligated to process according to Union law or the member states law the responsible party is subject to, or to recognise an obligation, which is of public interest or is carried out to exercise an official authority, which was transferred to the party concerned;

(3) On grounds of public interest with regards to public health as per Art. 9 sec. 2 lit. h and i as well as Art. 9 sec. 3 GDPR;

(4) For reasons of archiving i.e. public interest, scientific or historical research purposes or for statistics as per Art. 89 sec. 1 GDPR, in as far as that the right stated under section a) probably would make the realisation of these aims impossible or would seriously hamper them or

(5) For asserting, exercising or defending legal claims

5. The right to instruct

If you have asserted the right to correct, delete or restrict the processing with regards to the responsible party, then the party is obligated to inform all recipients to whom the personal data has been disclosed of this correction or deletion of data or restriction of processing, unless it proves impossible or it would involve unreasonable expense. You have the right to be informed of these recipients in respect of the responsible party

6. The right to data portability

You have the right to receive the personal data, which you provided to the responsible party, in a structured, accessible and machine-readable format. You also have the right to transfer this data to another responsible party without restriction by the responsible party to whom you provided the personal data.

(1) Processing is based on consent as per Art. 6 sec. 1 lit. a GDPR or Art. 9 sec. 2 lit. a GDPR or a contract as per Art. 6 sec. 1 lit. b GDPR and

(2) Processing is carried out using automated procedures.

When exercising this right, you have a further right to insist that the personal data concerned is transmitted directly from one responsible party to another responsible party, provided this is technically possible. This must not affect other person’s freedoms and rights. The right to data portability does not apply to the processing of personal data, which is needed to perform a task, which is in the public interest or which was transferred to the responsible party in order to exercise an official authority

7. The right to object

You have the right to object at any time, for reasons that arise due to your special circumstances, against the processing of personal data carried out on the basis of Art. 6 sec. 1 lit. e or f GDPR; this also applies to profiling based on this regulation. The responsible party will no longer process the personal data, unless it can provide urgent compelling reasons for processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. If the personal data is processed for direct advertising you have the right to object at any time to the processing of personal data for the purposes of such advertising; this also applies to profiling when it is connected to such direct advertising. If you object to processing for the purposes of direct advertising the personal data will no longer be processed for these purposes. You have the option to exercise your right to object in connection to use of the services of the information company – irrespective of directive 2002/58/EC – by means of automated procedures, which use technical specifications.

8. The right to withdraw the data protection consent declaration

You have the right to withdraw your data protection consent declaration at any time. The withdrawal of consent does not affect the legality of processing carried out based on the consent up to withdrawal.

9. The right to complain to a regulatory authority

Irrespective of another regulatory or legislative remedy, you have the right to complain to a regulatory authority, in particular in the member state of your residence, workplace or the place of the alleged breach, if you are of the opinion that the processing of personal data is in breach of the GDPR. The regulatory authority where the complaint is lodged informs the complainant of the status and results of the complaint, including the possibility of legal action as per Art. 78 GDPR.